(ITS#5198) wrong SQL-Statements in Back-SQL

[peter.gietz@daasi.de]

Full_Name: Peter Gietz
Version: 2.3.38
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.154.95.209)


This bug report was given to me at the OpenLDAP booth on the Systems in Munich.

SQL search-statements are wrong because of a strange OR condition: 
"(2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND
ldap_entry_objclasses.oc_name='"

So instead of a subset, all data are included in the response. Thats what the
guy, who was too lazy to make the bug report himself told me. He also told me
that he patched his code (by deleting the condition (2=2)  and is happy for
now.

If you think this is a bug, please repair.

I found this in the source code (.../slapd/back-sql/search.c (lines 780-805): 
(not sure if this is the only occurance)


			/*
			 * "structural" objectClass inheritance:
			 * - a search for "person" will also return 
			 *   "inetOrgPerson"
			 * - a search for "top" will return everything
			 */
 			if ( is_object_subclass( oc, bsi->bsi_oc->bom_oc ) ) {
				static struct berval ldap_entry_objclasses = BER_BVC(
"ldap_entry_objclasses" );

				backsql_merge_from_tbls( bsi, &ldap_entry_objclasses );

				backsql_strfcat_x( &bsi->bsi_flt_where,
						bsi->bsi_op->o_tmpmemctx,
						"lbl",
						(ber_len_t)STRLENOF( "(2=2 OR
(ldap_entries.id=ldap_entry_objclasses.entry_id AND
ldap_entry_objclasses.oc_name='" /* ')) */ ),
							"(2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND
ldap_entry_objclasses.oc_name='" /* ')) */,
						&bsi->bsi_oc->bom_oc->soc_cname,
						(ber_len_t)STRLENOF( /* ((' */ "'))" ),
							/* ((' */ "'))" );
				bsi->bsi_status = LDAP_SUCCESS;
				rc = 1;
				goto done;
			}

			break;
		}